<?php

define("HOSTNAME","localhost");
define("USERNAME","root"); 
define("PASSWORD","");
define("DATABASE","fiziologija");

header( 'Content-type: text/html; charset=utf-8' );


$loginForm = "
<div class='content'>
<span class=\"contentTitle\"> Prijava </span>

<form  name=\"formLogin\" method=\"POST\" action='exec/login.php'>
	<table cellspacing=\"0\" width='100%'>
		<tr> <td> <input type=\"text\" name=\"username\" id=\"username\" placeholder=\"Korisničko ime\" size=\"15\"/> </td> </tr>
		<tr> <td> <input type=\"password\" name=\"password\" id=\"password\" placeholder=\"Lozinka\" size=\"15\"/> </td> </tr> 
		<tr> <td> <input type=\"submit\" name='submit' value=\"Prijava\"></td> </tr>	
	</table>
</form>
</div><br>";

$logoutButton = "
<input type='button' value='Odjavite se' onclick=\"location.href='exec/logout.php'\">";

$kemikalijeSubmenu = "";
$receptiSubmenu = "";
$miseviSubmenu = "";
$administracijaSubmenu = "";

function connect() {
	if (!$con = mysql_connect(HOSTNAME,USERNAME,PASSWORD)) {
		print("Can't connect to mysql server!");
		return 0;
	}
	if (!$stat = mysql_select_db(DATABASE,$con)) {
		print("Can't select database!");
		return 0;
	}
	return $con;
}

function myDie($greska, $link) {
	die("Greska: " . $greska . "<br> <hr> <br> Povratak na <a href='" . $link . "'> " . $link . " </a>");
}

function myQuery($query) {
	if (!($con = connect())) myDie("Connect() failed!","index.php");
	
	if (!($result = mysql_query($query,$con))) myDie("QUERY FAILED! <br><hr> OPIS: " .  mysql_error($con) . "<br><hr> QUERY:<br>" . $query, "<br><hr>", "../index.php");
	mysql_close($con);
	return $result;
}

function autentifikacija() {
	if (!isset($_SESSION['id'])) myDie("Morate biti prijavljeni za ovu akciju", "index.php");
}

function autentifikacijaAdmin() {
	if (!isset($_SESSION['id'])) {
		if ($_SESSION['prava'] != 1)
			myDie("Morate biti prijavljeni kao administrator za ovu akciju", "index.php");
	}
}

function isUser() {
	if (!isset($_SESSION['id'])) return false;
	else return true;
}

function isAdmin() {
	if (!isset($_SESSION['id'])) return false;
	else {
		if ($_SESSION['prava'] == 1) return true;
		else return false;
	}
}

function getUserFromId($id) {
	if (!isset($id)) return "Nepoznati korisnik";
	
	$query = "SELECT ime, prezime FROM korisnici WHERE id=" . $id . ";";
	$result = myQuery($query);
	$row = mysql_fetch_array($result,MYSQL_ASSOC);
	if ($row) {
		return $row['ime'] . " " . $row['prezime'];
	}
	else "Nepoznati korisnik";
}

function getRowFromId($table, $column, $id) {
	if (!isset($id)) return "";
	
	$query = "SELECT ". $column . " FROM " . $table . " WHERE id=" . $id . ";";
	$result = myQuery($query);
	$row = mysql_fetch_array($result,MYSQL_NUM);
	if ($row) {
		return $row[0];
	}
	else "";
}

function stringVal($text) {
	$text = str_replace("'","\\'",$text);
	$text = str_replace("\"","\\\"",$text);
	return $text;
}

function dbInsert($table, $values, $numOfValues, $link="../index.php") {
	$query = "INSERT INTO " . $table . " (";
	
	for ($i=0; $i<$numOfValues; $i++) {
		$query .= $values[$i][0];
		if ($i != $numOfValues-1) $query .= ", ";
	}
	$query .= ") VALUES (";
	
	for ($i=0; $i<$numOfValues; $i++) {
		$query .= "'" . $values[$i][1] . "'";
		if ($i != $numOfValues-1) $query .= ", ";
	}
	$query .= ");";
	
	if (!($con = connect())) myDie("Connect() failed!","index.php");
	if (!($result = mysql_query($query,$con))) myDie("QUERY FAILED! <br><hr> OPIS: " .  mysql_error($con) . "<br><hr> QUERY:<br>" . $query, "<br><hr>", "../index.php");
	$id = mysql_insert_id($con);
	mysql_close($con);
	
	return $id;
}

function dbUpdate($table, $values, $numOfValues, $id, $link="../index.php") {
	$query = "UPDATE " . $table . " SET ";
	for ($i=0; $i<$numOfValues; $i++) {
		$query .= $values[$i][0] . "='" . $values[$i][1] . "'";
		if ($i != $numOfValues -1) $query .= ", ";
	}
	$query .= " WHERE id=" . $id . ";";
	$result = myQuery($query);
	
	header("Location: " . $link);
}

function dbDelete($table, $id, $link="../index.php") {
	$query = "DELETE FROM " . $table . " WHERE id=" . $id . ";";
	$result = myQuery($query);
}
/*
function dbSelect($table, $values, $numOfValues=1) {
	$query = "SELECT FROM " . $table . " WHERE ";
	for ($i=0; $i<$numOfValues; $i++) {
		$query .= $columns[$i] . "='" . $values[$i] . "'";
		if ($i != $numOfValues-1) $query .= " AND ";
	}
	$query .= ";";
	$result = myQuery($query);
	return $result;
}
*/

function dbGetAtributeId($table, $uniqueColumn, $value) {
	$query = "SELECT id FROM " . $table . " WHERE " . $uniqueColumn . "='" . $value . "';";
	$result = myQuery($query);
	$row = mysql_fetch_array($result);
	if ($row) {
		return $row['id'];
	} 
	else return 0;
} 

function dbGetNazivFromId($table, $id) {
	$query = "SELECT naziv FROM " . $table . " WHERE id=" . $id . ";";
	$result = myQuery($query);
	$row = mysql_fetch_array($result);
	if ($row) {
		return $row['naziv'];
	}
	else return "";
}

function dbMakeArrayOfAtributes($table, $column, $mode="withEmptySpaces") {
	$res = array();
	
	$query = "SELECT " . $column . " FROM " . $table;
	if (strcmp($mode,"noEmptySpaces") == 0) $query .= " WHERE " . $column . "!=''";
	$query .= ";";
	
	$result = myQuery($query);
	$i=0;
	while ($row = mysql_fetch_array($result)) {
		$res[$i] = $row['naziv'];
		$i++;
	}
	return $res;
}

function printOptionsOfAtributes($table, $column, $action=0, $mode="withEmptySpaces", $selectedId=0) {
	$opts = array();
	$values = array();
	
	$query = "SELECT id," . $column . " FROM " . $table;
	if (strcmp($mode,"noEmptySpaces") == 0) $query .= " WHERE " . $column . "!=''";
	$query .= "  ORDER BY id ASC;";
	
	$result = myQuery($query);
	$i=0;
	while ($row = mysql_fetch_array($result)) {
		$opts[$i] = $row['naziv'];
		$values[$i] = $row['naziv'];
		if ($row['id'] == $selectedId) $values[$i] .= "' selected='selected'";
		else $values[$i] .= "'";
		$i++;
	}

	$res = "";
	for ($i=0; $i<count($opts); $i++) {
		$res .= "<option value='" . $values[$i] . " >" . $opts[$i] . "</option>";
	}
	if ($action == 0) print($res);
	else return $res;

}

function insertIntoManyOnMany($table, $colMain, $colAtribute, $idMain, $atributes) {
	$atributes = explode("; ", $atributes);
	foreach ($atributes as $val) {
		$query = "INSERT INTO " . $table . " (" . $colMain . "," . $colAtribute . ") 
			SELECT '" . $idMain . "', id FROM " . $colAtribute . " WHERE naziv='" .
			$val . "';";
		$result = myQuery($query);
	}
}

function atributiKemikalijaToString($atribute, $kemId) {

	$query = "SELECT " . $atribute . ".naziv FROM kemikalija 
		INNER JOIN kemikalija_" . $atribute . " ON kemikalija.id=kemikalija_" . $atribute . ".kemikalija
		INNER JOIN " . $atribute . " ON " . $atribute . ".id=kemikalija_" . $atribute . "." . $atribute . "
		WHERE kemikalija.id=" . $kemId . ";";
	$result = myQuery($query);
	$res = "";
	$i=0;
	while ($row = mysql_fetch_array($result)) {
		$res .= $row['naziv'];
		if ($i < mysql_num_rows($result)-1) $res .= ", ";
		$i++;
	}
	return $res;
}

function getSinonimiToString($kemId) {
	$query = "SELECT naziv FROM sinonim WHERE kemikalija=" . $kemId . ";";
	$result = myQuery($query);
	$res = "";
	$i=0;
	while ($row = mysql_fetch_array($result)) {
		$res .= $row['naziv'];
		if ($i < mysql_num_rows($result)-1) $res .= ", ";
		$i++;
	}
	return $res;
}

function insertIntoOneOnMany($table, $colId, $id, $values) {
	if ($values == null) return;
	$values = explode("; ", $values);
	foreach ($values as $val) {
		$query = "INSERT INTO " . $table . " (" . $colId . ",naziv) VALUES (" .
				$id . ",'" . $val . "');";
		$result = myQuery($query);
	}
}

function dbDeleteFormManyOnMany($table, $colMain, $id) {
	$query = "DELETE FROM " . $table . " WHERE " . $colMain . "=" . $id . ";";
	$result = myQuery($query);
}

?>
